Slashdot Mirror
Feds Want to Tap VoIP
An anonymous reader writes "From the Globe and Mail: The FBI and the U.S. Justice Department have renewed their efforts to wiretap voice conversations carried across the Internet. Federal and local police rely heavily on wiretaps. In 2002, the most recent year for which information is available, police intercepted nearly 2,200,000 conversations with court approval, according to the Administrative Office of the U.S. Courts. Wiretaps for that year cost taxpayers $69.5 million, and approximately 80 per cent were related to drug investigations."
Can VoIP be encrypted in such a way that even if it is intercepted, it is useless? What is to stop someone from writing code that does that? Or will the NSA get involved?
Rosco: "If brains were gunpowder, Enos couldn't blow his nose."
At least with this fact in play we'll probably see some more decent voip encryption.
Wouldn't any real criminal run his VoIP through a VPN or some other encrypted tunnel, thus making difficult for the Feds to know that it is a VoIP session, let alone decrypt it and understand it? See, the problem with PCs is that they are general purpose devices that allow you to execute arbitrary algorithms -- or even add proprietary hardware to do hardware encryption. So, other than knowing what IP address a suspect is talking to, what good is the wiretap going to do them?
"Freedom means freedom for everybody" -- Dick Cheney
How do they propose to tap VOIP conversations over private networks? I can understand how federal regulations might get them permission to tap into the networks of the growing VOIP phone providers, but a lot of people (companies, geeks) set up their own internal VOIP networks over IPSEC, secure VLAN's and other such things that would be nearly(?) impossible to detect as VOIP traffic. Not to mention p2p type VOIP clients like those built into the various instant messenging programs that are, well, peer to peer, and don't go through some central server.
Do you really need reason for beer? Wingman Brewers
ipsec, ssh tunneling, and VPN configurations can all prevent this with no change to existing code.
Is anyone else outraged that the feds spent $63 million just wiretapping phones for a black market that they created? 1.) Make a drug black-market. 2.) Spend $63 million wiretapping phone investigating the market. 3.) ??? 4.) profit!
You can't judge a book by the way it wears its hair.
Not true. I have nothing to hide - I still don't wnat Uncle Sam listening to everything I do. Some of us still believe in privacy.
On a side note, sometimes people have things to hide with good reason. A number of the founding fathers lived as long as they did because of Privacy. A number of blacks were better off because records could be kept from corrupt local governments. People have been persecuted by scientology for speaking out against it - sometimes privacy is the only safeguard. Can you honestly say you trust every single person who has access to your data (government or not) to act in your best interest, or at least the best interest of the country. Here's a hint: if the government can beat it, someone else can too.
I'll take my privacy, thank you very much. The only way to stop power from being abused is to not grant it in the first place. Our society is based on individual freedom - for example, the whole "guilty until proven innocent" thing. Our constitution is set up to let the guilty go free rather than imprison the innocent, should a conflict arise. Would placing the burden of proof on the defense (or eliminating the trial altogether) mean fewer criminals went free? Of course! Would more innocent mean be imprisoned? Of course.
Is it worth it? Hardly. From what I hear, though, if you like that sort of thing, Cuba is not hard to get into.
Contact Me (got tired of viruses emailing me).
Sure, for a few conversations between buddies, encryption would baffle an individual. However, this is the US government-with tons of money to throw around...they'll find ways around encryption. Usama's satellite phone was "encrypted", but the NSA could crack it easily enough. If it becomes a great enough need, the government would find out how to decrypt it. They wouldn't brute force either. When the British found the Enigma machine, the US and British intelligence services reverse engineered it and then used it for the remainder of the war. Same thing would happen here: If the case was high-profile enough, the FBI would find the program used and reverse engineer it so they could thwart the encryption. I'm willing to bet that Nautlius (Blowfish) has already been cracked by the CIA/FBI/NSA, and that they have their own proprietary software for VoIP tapping. The only way to avoid it would be to design your own encryption software, and then make sure it doesn't fall into the US Military's/FBI's/NSA's/CIA's hands. Those agencies employ some of the best hackers/programmers in the field, and it would be near impossible to keep multiple VoIP conversations encrypted without changing software every conversation (and even then, you would have to have every conversation based on the understanding that those may be decrypted later.) This is because of the open structure of the internet.
The unfortunate problem is that since we have crap like the Patriot Act, it isn't as hard for the government to get whatever access it likes. By now, they pretty much DON'T need a reason anymore...
What makes you think that Uncle Sam is going to listen to "everything you do"? Remember, this law doesn't give the gov't carte blanche to listen to the conversations of anyone it chooses to. It must show a court of law that there is sufficient reason that you are using the phone lines to commit a felony. All this law does is put VoIP on the same legal standing as traditional phone lines, with regards to wiretapping.
Ummm, have you been asleep for the past two years?
Personally, it seems to me that VoIP is pretty cut and dry in this matter: it is a "telecommunications carrier". It is simply a new medium for the same thing we did on copper lines.
The most difficult (and dangerous) aspect is things like IM services with voice capacity. Actually, anyone two people with microphones and email could evade the police and FBI pretty easily by recording small sound files and emailing them (possibly even encrypting them to be sure). In such a case as this, where communications begin to forgo the use of any third-party to facilitate the information between two people, we will see a lot of hot debate.
When communications as distributed and "P2P" as this become more common place, many questions will be raised. But, we must look at how things would have to be implemented, before we can judge the rules that must be applied to them. Can we mandate that wiretaps must be available even for peer-to-peer exchange of communications? Would we then need to make requests directly to those being tapped, or those they are in contact with, stating they must, for a specified time, transmit all communications to the authoritive agencies for monitoring? Surely, no one would comply! Then, should the ISPs and backbone servers scan all packets for personal communications to or from individuals on a national "Tapped List"? But, what of all the data they would have to peak into to find these few, when most they have no right to touch, except to pass along?
We sail to rough waters. I pray for us all.
Question
http://www.ironfroggy.com/
Seriously, I'm the author of Speex (the speech codec) and I'd be willing to help if someone wanted to design an open-source library to encrypt VoIP packets. This is a project I can't do only by myself because I lack the knowledge to use crypto stuff currectly (random stuff, padding, etc).
I think it would be nice to have such a library so that any VoIP application writer can easily integrate the crypto functionality.
Opus: the Swiss army knife of audio codec
The good:
--If there is a wiretap, they are only getting your conversation, and not ever piece of data your computer spits out. It looks like they would need a different warrant for that too.
--The tap would be located not at your ISP, but at your VOIP provider. This helps guarantee privacy for the people not specified in the warrant.
--This places VOIP on more of an equal footing as traditional phone services. If they are legally the same for what they have to provide the cops, they could then argue they are the same legally when it comes to their protection as common carriers.
The bad:
--The VOIP companies would have to re-wire their networks so that all conversations go through a tappable trunk line. That, or they would have to set up infrastructure to siphon off individuals phone calls to a 3rd location (which is what I would prefer. Let the VOIP provider pull a copy of the conversation off the trunk line instead of the cops). This means more $ needed in development and implementation.
--Requlation may (ok, probably will) stifle innovation. By regulating things like how a wiretap is to be done, it will be harder for open source and closed source products to work in multiple countries. This then leads to problems with interoperability between national networks.
Overall, I don't see this as too alarming.
Now, if that makes sense to anyone, could you please explain it to me? I think I've confused myself.
"Weak" drugs (i.e. marijuana) should be regulated and sold just like alcohol. We let drunk drivers kill thousands of people a year, why not high ones? I don't like the idea of life-crippling drugs (i.e. heroin, cocaine) being sold over the counter, though.
This is a little off-topic rant, but the fact that we have drive-through liquor stores just boggles my mind. I understand that it is very convienent for people in a rush or whatever, but that's just asking for people to drive drunk. Drunk driving is totally out of control. I think we should treat them like we treat those prisoners of war in Cuba. It is a real problem and needs a serious kick in the ass to try to get some control over it. Luckily I haven't lost any friends or relatives to it (yet). But, playing the numbers, it is highly likely that sooner or later I will. What are the rules and penalties regarding drunk driving in other countries? I think we are much too lax in the U.S.
Never saw it. My point is, though, that someone in the FBI has probably also seen it. Any law requiring agents to "disconnect (or ditch-and-not-listen-to any recording)" is only a sop to civil-liberties advocates, because the FBI never can be sure if a conversation really is innocent or is simply well-encoded.
Many of the people responding to this thread are missing the big picture.
There will always be a screw-you-I'm-doing-this-the-OSS-way-with-crypto solution available. What does this solution cost? Well you might think it's free.
It isn't.
By adopting some OSS mechanism to communicate with whomever you choose, you impose a burden on the other party, namely, they have to install and have access to the same (or compatible) OSS VoIP software.
While this might be great for you and your hacker buddies, it won't help you call your parents, grandma, or your fiancee. It also won't help you call your doctor, lawyer, investment partner, stock broker or bank.
Wait, there's more going on here.
There are technical implication for the service providers. Most of the better designed VoIP protocols (like SIP, as an example) are all about establishing sessions. There is a location service somewhere that a user-agent (UA) (phone) can find, based on the number or URI that you call. This location service will either proxy your connection request to the other client, or it will redirect your user-agent to contact the other party directly. (Think HTTP 302 response code -- in fact -- SIP uses the same structure).
Once your UA has contacted the other party, some handshaking happens where you try to figure out what CODECs you will use to exchange audio, video, facsimile, IMs etc. Then end result is a collection of sessions directly between the user-agents that called one another.
Let me make that REALLY clear. Beyond the proxy / location service, the VSP (voice provider) is not in ANY way involved in the media flows. Why should it be? It doesn't care.
Enter CALEA requirements -- which are really poorly laid our I might add -- suddenly the VSP must carry the media and relay it to the other party and optionally duplicate each CODEC frame and send it to some black box (or red box as the case may be).
This has serious consequences on bandwidth consumption for VSPs.
But they can just do this when there is a tap! (You object)
And I counter with the fact that such an arrangement violates the CALEA requirements that a party subject to monitoring cannot know that they are under surveillance. End result? All media MUST flow through a choke point from which it could be duplicated.
This has catastrophic consequences on the bandwidth a VSP can expect to need to meet their service levels.
This may or may not be a Good Thing. I think it is NOT a Good Thing. One thing is certain, this issue is a very Material Thing for VSPs.
You can't rely on that as a protection. As a previous article about fed's use of the OnStar system to bug people in their luxury cars shows, there's been an important movement in the point between "tapping was accessable, so we did it" to "you are required to provide the tap." Yes, criminals will use more secure 1024-bit, perhaps even one-time pads, but the burden is now on EVERYONE else to get searched and siezed.
I see this as a HUGE deal. It doesn't matter that the real criminals will be using real encryption. The problem is that the Fed's want all networks to not only provide the tap, but do the collection work and carry the expense too.... Wire tapping has evolved from "the terminals on the phone were exposed, so we attached" to "you've got to build this capability into the system and carry the cost."
This is insane....no patriot would even consider allowing this.... Let's just pretend that we no longer have a "Bill of Rights".... or just that it simply has a dollar figure at the bottom that we're supposed to mail in....
For instance, at the rate we're going, I fully expect to see laws against two people conversing face-to-face and in private in my lifetime.
No need to wait for that. A fictional, but plausible illegal conversation, circa 1865:
Conspirator 1: Psst, John, here's the gun. When are you going to do it?
Conspirator 2: Right after act one of "Our American Cousins!"
Conspiracy is illegal, of course. It the content of a conversation conveys information that furthers a conspiracy, then the conversation is illegal. For example, it would be illegal for me to to tell you when I was going to commit a murder so you could make sure my getaway car, er, horse, was parked outside Ford's theater at the right time.
"Even if you are on the right track, you'll get run over if you just sit there" - Will Rogers
Got a judge to OK it? Not really needed anymore, with the PATRIOT and PATRIOT II acts.
They snuck the second PATRIOT act when they caught Hussein. Sneaky, that. Who needs a judge for phone taps, financial records, etc? Maybe in Canada!
Working toward a usable PDA environment in the spirit of Newton OS: Dynapad
You come over and hand me a disk with your public key on it. Or my friend that I trust signs the key and you push it to the keyserver. Read up on key exchange, it's interesting stuff.
:)
Essentially what happens is this:
1. Everyone makes a key.
2. ???
3. Profit!
Just kidding.
1. Everyone generates a keypair (a private key that decrypts messages, and signs things, and a public key that you give to everyone that verifies that signatures are from the private key [that presumably only you control], and encrypts things to your private key [i.e. you]).
2. Everyone publishes their public keys.
3. You sign someone's key if you know that person is who the key says he is.
Now you want to send a message. You get the public key of the recipient from the keyserver. It happens to be signed by persons A and B. You signed person B's key... therefore you trust that the key is valid (since you trust person B's judgement). Now you encrypt a message to your recipient [with HIS public key], and sign it [by encrypting a hash of the message with YOUR private key].
The receiver gets your public key, applies the trust logic to make sure he really has your key, and verifies that the message is from you.
You had to have your private key to make that signature valid. If someone forged your private key, the signature would not have been valid. Also, if the message was changed, the signature would again be invalidated.
So the recipient decrypts the message with HIS private key, that only he has. Now that person knows that 1) the message was from you and had not ben altered since you signed it (since he decrypted the hash of the message with your public key, which he trusts and the hash validated), and 2) nobody read or the message (only you can read that message, becuase only you have the private key).
So that's how that would work
My other car is first.
the spooks are already required to disconnect (or ditch-and-not-listen-to any recording) the instant they realize it's a call that is unrelated to the matter being investigated.
So I can, for example, call my dealer, talk a few minutes about my hemaroids, and then I place my order. Wait until that gets out!
"It's too bad that stupidity isn't painful." - Anton LaVey
The FBI doesn't bother with warrants anymore. They just write themselves national security letters. On top of that the criteria for getting warrants has fallen dramatically.
The only way to guarantee being able to tap voip is to generally outlaw and/or regulate cryptography, such as only allowing very weak cryptography, or mandating a scheme where all keys have to be known with the state authorities.
At the same time, such a system (key escrow) will make use of cryptography across national borders impossible, since there is no state or supranational authority (such as the UN) that would be trusted by all national states to keep the keys needed for decryption.
Can you imagine France to use cryptography using keys known by the US authorities? Can you imagine the US using a system whose keys are entrusted to some U.N. authority? In the latter case, if the US would want to get a key in order to decrypt some domestic voip conversation, would the UN allow it?
In other words: if the US really wants to keep this possibility, the only option is to either outlaw cryptography totally, or to mandate a scheme that can only work domestically and outlawing all other forms of cryptography.
Either way, international ecommerce is killed.
I think that the US autorities, whether they like it or not, have to be prepared for a time where they can no longer tap communications at all, or they must accept a severe blow to the global (and thus national) economy.
One wonders then how it is they were able to deal with crime before the advent of technology.
:-)
Actually, they didn't have too hard a time. They found the suspect, and questioned him - using whatever methods were deemed appropriate at the time - until they had a confession.
Easy as pie. No technology needed at all.
Forensics was initially very unpopular with law enforcement, as it meant a sh*tload of extra work, seemingly with no visible payoff. People who advocated it had a hard time keeping their rank.
Power corrupts you know.
I think that was my point.
Power doesn't corrupt neither more nor less than in previous generations, anyway. There is nothing new under the sun when it comes to how good or bad humans behave. Especially in a group.
I'm thinking VoIP over SSL, although I could be overlooking problems with TCP, UDP, and SSL.
Linking against twofish is trivial -- Niels Ferguson publishes a easy to use free twofish library in portable C. Twofish is unpatented, and the source code is uncopyrighted and license-free; it is free for all uses.
Another more generic option would be to link against the mcrypt GPL library.
Any good crypto library should handle the difficult crypto stuff for you, the interesting question is how does VoIP handle session keys?.I can't easily locate documentation on key exchange for the voice channel for VoIP call setup? All I see are a handful of papers on encryption on the SIP protocol.
I do not deploy Linux. Ever.